Validation rules

Validation

Error/Warning/Prompt

Fail updating the password if the old password entered is invalid.

The old password entered is invalid. Operation aborted.

Fail the password command when a given password string is not satisfying the password control requirement.

During authentication:The password must include a minimum of two of these types: uppercase, lowercase, 0–9, and special characters.

During password change from CLI:Password validation error: Password cannot be changed. It must have special characters, A-Z, a-z & 0-9.

Password Minimum length check.

During authentication:Password minimum length check failed; operation aborted.

During password change from CLI:Password validation error: Password minimum length check failed; operation aborted.

NULL password.

During authentication:Blank password is not acceptable; operation aborted.

During password change from CLI:Password validation error: Blank password is not acceptable; operation aborted.

Password contains username or the backwards form of the ID.

During authentication:Password contains the username; operation aborted.

During password change from CLI:Password validation error: Password contains the username.Password validation error: Password contains reverse of associated username.

Fail the password command if given password contains three of the same characters used consecutively.

During authentication:Password contains repetitive characters; operation aborted.

During password change from CLI:Password validation error: Password contains repetitive characters; operation aborted.

Fail the password command if the given password does not differ from the previous password by at least four characters.

During authentication:Password cannot be changed. It must differ from the previous by four characters.

During password change from CLI:Password validation error: Password cannot be changed. It must differ from the previous by four characters.

Fail the password command if the given password is the same as that of a password configured within the password history period.

During authentication:Password cannot be changed; the password entered was used previously.

During password change from CLI:Password validation error: Password cannot be changed; the password entered was used previously.

Fail the password command if it is executed before the password update interval time.

Password command will fail with an error message: The minimum wait period for updating password is not expired. Operation aborted.

Password history clear command: clear password-history operator/manager/local group <name>

If the name does not exist, the following error message is displayed:User:user1 does not exist.

Password minimum length should match the sum of the compositions ( Lowercase + upper case + special characters + numbers).

The minimum password length configured is %s less than the sum of password composition.Operation aborted.

If user last login details display is disabled and the user executes the sh authentication last-login command

The last login details cannot be displayed. Command execution is currently disabled by executing password configuration command ’password configuration log-on-details’.

To enable the password configuration feature, the following should be configured:
  1. Minimum password length should be set to 8 or greater.

  2. Manager credentials should be configured.

  3. Web UI should be disabled.

The precedence in the error message is as follows:
  1. Password minimum length is < 8.The minimum password length configured is 8 less than the sum of password composition. Operation aborted.

  2. Manager is not configured:Manager credentials should be configured to enable the password configuration feature

  3. Web UI will ask for the following confirmation:“The password configuration feature cannot be enabled when the WebUI is enabled.Would you like to disable WebUI and REST protocol? [y/n]:”

When the Password Complexity feature is enabled and manager user is deleted from the system.

Manager account cannot be deleted when the password configuration feature is enabled.

WebUI and password configurations are mutually exclusive.

  1. WebUI cannot be enabled when the password configuration feature is enabled.

  2. The password configuration feature cannot be enabled when the WebUI is enabled.

When incorrect old password is entered during password change.

The old password is invalid.

While enabling the password configuration function:

switch# password configuration-control

The password configuration feature cannot be enabled when the WebUI is enabled.

Would you like to disable WebUI and REST protocol? [y/n]:y